Liquid restaking protocol Kelp paused its rsETH smart contracts after a cyber attack exploited an adapter bridge, resulting in the theft of approximately $293 million in digital assets.

Key Points

• Blockchain security firm Cyvers reported that the attacker drained $293 million from the rsETH adapter bridge contract.
• Approximately $250 million of the stolen funds have already been converted into Ether using a Tornado Cash-funded address.
• Kelp suspended rsETH contracts across the Ethereum mainnet and multiple Layer-2 networks to investigate the breach.
• Aave and at least eight other decentralized finance protocols froze rsETH markets to prevent further exposure to the compromised token.
• This incident follows a similar $280 million exploit of the Drift Protocol, which was attributed to suspected North Korean state-affiliated hackers.

Why it Matters

The attack underscores the significant security risks associated with the composability of decentralized finance protocols, where a single vulnerability can trigger cascading failures across multiple platforms. This event highlights the ongoing challenges regarding asset protection and systemic stability within the broader cryptocurrency ecosystem.